|
211451
|
5.8 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limi…
|
NVD-CWE-noinfo
|
CVE-2020-13298
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211452
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a s…
|
NVD-CWE-noinfo
|
CVE-2020-13297
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211453
|
10.0 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
|
CWE-863
Incorrect Authorization
|
CVE-2020-13300
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211454
|
8.1 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-13299
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211455
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-13289
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211456
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues
|
NVD-CWE-noinfo
|
CVE-2020-13287
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211457
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token
|
CWE-863
Incorrect Authorization
|
CVE-2020-13284
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211458
|
7.5 |
HIGH
Network
|
microchip
|
atsama5d21c-cu_firmware
atsama5d21c-cur_firmware
atsama5d22c-cn_firmware
atsama5d22c-cnr_firmware
atsama5d22c-cu_firmware
atsama5d22c-cur_firmware
atsama5d23c-cn_firmware
atsama5…
|
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-12789
|
2024-11-21 14:00 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211459
|
7.5 |
HIGH
Network
|
microchip
|
atsama5d21c-cu_firmware
atsama5d21c-cur_firmware
atsama5d22c-cn_firmware
atsama5d22c-cnr_firmware
atsama5d22c-cu_firmware
atsama5d22c-cur_firmware
atsama5d23c-cn_firmware
atsama5…
|
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-12788
|
2024-11-21 14:00 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211460
|
7.5 |
HIGH
Network
|
microchip
|
atsama5d21c-cu_firmware
atsama5d21c-cur_firmware
atsama5d22c-cn_firmware
atsama5d22c-cnr_firmware
atsama5d22c-cu_firmware
atsama5d22c-cur_firmware
atsama5d23c-cn_firmware
atsama5…
|
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
|
NVD-CWE-noinfo
|
CVE-2020-12787
|
2024-11-21 14:00 |
2020-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
